Netgate Discussion Forum

    How to block facebook.com in pfSense?

      valerica

      I'm using pfSense on a Netgate SG-5100. It has Internet connection just fine. All I'm trying to do is block one single site: facebook.com. And I need to block it by domain name, not IP addressing.

      I've been trying for weeks with pfBlockerNG. I was putting facebook.com in the TLD Blacklist. This might not be right though since facebook.com is a second-level domain, whereas "com" is the TLD.

      Eventually, I got as far as blocking all .com sites but still being able to visit .org and .gov sites. That wasn't what I wanted but at least something was working. Then I changed one little thing and it stopped working, and I haven't been able to make it work again.

      Today I tried to block facebook.com with Squid and SquidGuard. I added it as a 'target category' and in 'common ACL'. It's doing nothing and I can't make heads or tails of it. Maybe the way I changed DNS settings for pfBlockerNG doesn't work with SquidGuard?

      It seems like all the relevant guides are years old, from when configuration options were different. How does one block facebook.com on pfSense?

        SteveITS Galactic Empire @valerica

        @valerica If pfSense is DNS for your network, on the DNS Resolver page add a Host Override for "facebook.com" pointing to 127.0.0.1 or some fake IP.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          valerica @SteveITS

          @steveits Thank you for replying. I restored everything to defaults and configured it with your suggestion. In general setup, I set it to use local and ignore remote DNS. Then I added the following as a host override:

          Host: facebook
          Parent domain of host: facebook.com
          Return IP address: 127.0.0.1

          It's still allowing access to facebook.com. Am I missing something?

            SteveITS Galactic Empire @valerica

            @valerica "nslookup facebook.com" and see if it's resolving to 127.0.0.1. If that does, it's being overridden OK, but it could be the browser using DNS over HTTP (DoH) which you'd need to turn off or block. I couldn't get pfBlockerNG-devel to block it via the settings in the package so I ended up enabling the "TheGreatWall_DoH_IP" feed and just blocking it that way. It can be turned off in browsers also. Firefox has a domain that can be set up (via Domain Override in pfSense): https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

              Gertjan @valerica

              @valerica said in How to block facebook.com in pfSense?:

              Host: facebook
              Parent domain of host: facebook.com
              Return IP address: 127.0.0.1

              This means:
              facebook.facebook.com will return 127.0.0.1.

              Did you check that? (nslookup, dig, etc.)
              Do you want that?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit: and where are the logs??
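
The point made in the last reply, as an added example that is not part of any post in the thread: a small model of how the Host and Parent domain fields of a Host Override combine into one exact name, and which client lookups that name then covers. It assumes overrides match the exact name only, that a blank Host means the bare domain, and that clients also look up www.facebook.com; the function names and the Unbound `local-data` rendering are illustrative, not pfSense's own code.

```python
# Added illustration: a simplified model of exact-match DNS host overrides.
# Assumption: an override answers only for "<Host>.<Parent domain>", and a
# blank Host means the bare parent domain.

SINKHOLE = "127.0.0.1"

def normalize(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.strip().rstrip(".").lower()

def override_fqdn(host, domain):
    """Join the Host and Parent domain fields into the name that is overridden."""
    host, domain = normalize(host), normalize(domain)
    return f"{host}.{domain}" if host else domain

def build_table(overrides):
    """Map each override's full name to the IP address it returns."""
    return {override_fqdn(h, d): ip for h, d, ip in overrides}

def audit(overrides, names):
    """For each name a client might look up, return the override IP, or None
    when the query would fall through to normal resolution."""
    table = build_table(overrides)
    return {n: table.get(normalize(n)) for n in names}

def unbound_lines(overrides):
    """Render the overrides as Unbound local-data lines (illustrative output)."""
    table = build_table(overrides)
    return [f'local-data: "{fqdn}. A {ip}"' for fqdn, ip in sorted(table.items())]

# Constructed sample input: the override as posted, then a corrected set.
AS_POSTED = [("facebook", "facebook.com", SINKHOLE)]
CORRECTED = [("", "facebook.com", SINKHOLE), ("www", "facebook.com", SINKHOLE)]
CLIENT_NAMES = ["facebook.com", "www.facebook.com", "facebook.facebook.com"]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label)
        for line in unbound_lines(rules):
            print("  " + line)
        for name, ip in audit(rules, CLIENT_NAMES).items():
            print(f"  {name:24} -> {ip or 'not overridden'}")
```

Running it shows that the override as posted covers only facebook.facebook.com, which is why lookups of facebook.com still resolved normally.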
